Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott...
Transcript of Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott...
![Page 1: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/1.jpg)
Welcome!NERC 2017 Standards and Compliance WorkshopJW Marriott New Orleans
July 11-12, 2017
![Page 2: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/2.jpg)
RELIABILITY | ACCOUNTABILITY2
NERC Antitrust Compliance Guidelines
It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers, or any other activity that unreasonably restrains competition.
![Page 3: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/3.jpg)
RELIABILITY | ACCOUNTABILITY3
Public Announcement
Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities.
![Page 4: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/4.jpg)
RELIABILITY | ACCOUNTABILITY4
• Safety Fire exits Calling 911 Alerting hotel staff CPR
• Other Logistics Q&A Restrooms
General Announcements
![Page 5: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/5.jpg)
RELIABILITY | ACCOUNTABILITY5
• 9:00 – Noon: NERC Standards and Compliance 101 Mat Bunch Latrice Harkness Shamai Elstein Ryan Mauldin
• Noon – 1:00 p.m.: Lunch• 1:00 – 1:10 p.m.: Welcome and Introductions Laura Anderson Ryan Mauldin
• 1:10 – 1:20 p.m.: Keynote Remarks Howard Gugel Andrea Koch
Today’s Agenda
![Page 6: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/6.jpg)
RELIABILITY | ACCOUNTABILITY6
• 1:20 – 1:30 p.m.: Interactive Demonstration Laura Anderson Ryan Stewart
• 1:30 – 2:00 p.m.: Cost Effectiveness Steven Noess Soo Jin Kim
• 2:00 – 2:15 p.m.: SBS Enhancements Chris Larson
• 2:15 – 3:15 p.m.: Break• 3:15 – 3:45 p.m.: NERC Registration Initiatives Ryan Stewart
Today’s Agenda
![Page 7: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/7.jpg)
RELIABILITY | ACCOUNTABILITY7
• 3:45 – 4:00 p.m.: Project 2016-03 – Cyber Security Supply Chain Management Soo Jin Kim
• 4:00 – 4:45 p.m.: Compliance Monitoring Update (Coordinated Oversight of MRREs, IRAs, and Compliance Guidance) Kim Israelsson Kiel Lyons
• 4:45 – 5:00 p.m.: General Q&A/Closing Announcements Laura Anderson Latrice Harkness
• 5:30 – 6:30 p.m.: Reception
Today’s Agenda
![Page 8: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/8.jpg)
RELIABILITY | ACCOUNTABILITY8
![Page 9: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/9.jpg)
Keynote Remarks
Howard Gugel, NERC Senior Director of Standards and EducationAndrea Koch, NERC Senior Director of Reliability Assurance
![Page 10: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/10.jpg)
Cost Effectiveness and Guidelines and Technical Basis
Steven Noess, Director of Standards DevelopmentSoo Jin Kim, Manager of Standards Development2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 11: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/11.jpg)
RELIABILITY | ACCOUNTABILITY2
• Northeast Power Coordinating Council, Inc. procedure• NERC Cost Effective Analysis Process• 2015 policy input• Cost effectiveness method piloted in 2016
History of Cost Effectiveness
![Page 12: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/12.jpg)
RELIABILITY | ACCOUNTABILITY3
Cost Effectiveness
• 2017 Board of Trustees made this a priority effort All projects will generally consider cost effectiveness at a high level All formal comments will provide industry a chance to comment on cost
considerations
• Two questions to address What is level of cost versus reliability benefit? Can the most cost-effective solution be used?
![Page 13: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/13.jpg)
RELIABILITY | ACCOUNTABILITY4
• Periodic Reviews• Standards grading metric• Additional pilots of proposed method
Current Activities
![Page 14: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/14.jpg)
RELIABILITY | ACCOUNTABILITY5
Examples
• Examples of Project Questions Posed Supply Chain: The standard drafting team believes proposed CIP-013-1 and
the draft Implementation Guidance provide entities with flexibility to meet the reliability objectives in a cost-effective manner. Do you agree? If you do not agree, or if you agree, but have suggestions for improvement to enable additional cost-effective approaches, please provide your recommendation, and if appropriate, technical justification.
VAR EPR: The team did not identify a concern related to cost effectiveness as drafted. Do you agree? If not, please provide additional detail.
![Page 15: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/15.jpg)
RELIABILITY | ACCOUNTABILITY6
• Comments solicited in periodic reviews• Comments solicited in Standard comment periods• Evaluate compliance and enforcement cost impacts• Cost comment themes provided in Board of Trustees
presentations
Future Activities
![Page 16: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/16.jpg)
RELIABILITY | ACCOUNTABILITY7
• History Initially designed to support results-based standards First used in FAC-003-2 Contained an “information only” disclaimer Incorporated into standard development template Disclaimer paragraph was omitted
Guidelines and Technical Basis
![Page 17: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/17.jpg)
RELIABILITY | ACCOUNTABILITY8
• Provides drafting teams a mechanism to: Explain the technical basis for Reliability Standard Provide technical guidance to help support effective application
• To further clarify Guidelines and Technical Basis (GTB): NERC staff and Standards Committee (SC) leadership to coordinate Captured in Task 3 in SC Strategic Plan
Purpose
![Page 18: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/18.jpg)
RELIABILITY | ACCOUNTABILITY9
• NERC staff and SC leadership collaboration• A separate document to explain technical basis• Focus on understanding technology and the technical
requirements• No compliance approaches or compliance guidance• Encourage use of NERC Compliance Guidance Policy
Summary of work
![Page 19: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/19.jpg)
RELIABILITY | ACCOUNTABILITY10
• Present to SC for endorsement• Report results at August Standards Oversight and Technology
Committee meeting• Begin implementing for all projects going forward• Consider in periodic reviews whether to remove GTB from
existing standards
Timeline
![Page 20: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/20.jpg)
RELIABILITY | ACCOUNTABILITY11
• Implementation Guidance provides examples of implementing the standard
• Developed by industry• Can be developed by: Standard drafting teams; or Pre-qualified organization
• Supply Chain project was the first drafting team to seek endorsed Implementation Guidance
Implementation Guidance
![Page 21: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/21.jpg)
RELIABILITY | ACCOUNTABILITY12
![Page 22: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/22.jpg)
Standards Balloting andCommenting System (SBS)Enhancement Feature Overview and TrainingChris Larson, Manager of Standards Information 2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 23: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/23.jpg)
RELIABILITY | ACCOUNTABILITY2
• Ability for users to vote, delegate/revoke proxy rights, and join ballots/ballot pools from the “Ballot Events” page
• All references to the term “Survey” will be replaced with the term “Comment Form”
• Ability for users to proceed directly to the “Real-time Comments” page (formerly “Social Survey”) without first having to provide a response
• Ability for users to select members from the Registered Ballot Body (RBB) when creating groups
• Users will no longer be prompted to confirm negative opinions for Non-binding Polls
• The system will save users’ selected sort and/or filter view on all pages instead of reverting back to a default view
2017 Enhancement Features
![Page 24: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/24.jpg)
RELIABILITY | ACCOUNTABILITY3
• The “My Voting Activity” page will be removed and the voting-related functions listed below will be carried out on the “Ballot Events” page Join/withdraw from ballot pools Delegate/revoke proxies Vote for ballots
• New icon/function buttons will be added to the page (screenshots below)
“Ballot Events” Page
A and D – Join and withdraw from ballot poolB – VoteC and E – Delegate and revoke proxy rights
![Page 25: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/25.jpg)
RELIABILITY | ACCOUNTABILITY4
Change of the Term “Survey” to “Comment Form”
• Terms such as “Surveys” and “Take Survey” will be replaced with the terms “Comment Form” and “Submit Comments” for consistency between Standards’ communications/postings and the SBS
![Page 26: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/26.jpg)
RELIABILITY | ACCOUNTABILITY5
“Real-time Comments” Page
• The current term/page “Social Survey” has been renamed “Real-time Comments.” Today, users who try to access this page without first submitting comments receive the following error message:
• Voters, proxies, and contributors will have the ability to provide a thumbs-up (like), thumbs-down (dislike), to other submitters’ comments without having to provide a response themselves.
![Page 27: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/27.jpg)
RELIABILITY | ACCOUNTABILITY6
• When submitting a comment, users will have the ability to select current RBB members when creating groups
• The ability to manually enter/edit group members will remain
RBB Members and Creating Groups
![Page 28: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/28.jpg)
RELIABILITY | ACCOUNTABILITY7
• For non-binding poll ballot types, voters and proxies will not be prompted to comment or declare support for a third-party comment if a negative opinion is cast
Negative Opinions and Confirmationsfor Non-binding Polls
![Page 29: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/29.jpg)
RELIABILITY | ACCOUNTABILITY8
• Any filtered, and/or sorted results, will be retained when navigating between SBS pages
• Once a user logs out of the SBS, the filtered, and/or sorted selection, will revert to a default state
Sort and Filter
![Page 30: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/30.jpg)
RELIABILITY | ACCOUNTABILITY9
• All vote-related functions located on the “Ballot Events” page• The term “Survey” replaced with the term “Comment Form”• Proceed directly to the “Real-time Comments” page without
submitting a comment• Select members from the Registered Ballot Body (RBB) when
creating groups• No confirmation necessary for negative opinions for Non-
binding Polls• Sort and/or filter view on all pages will be retained
2017 Enhancement Features Recap
![Page 31: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/31.jpg)
RELIABILITY | ACCOUNTABILITY10
Standards Information Links
• NERC’s Balloting and Commenting page• SBS Quick Reference Guide• SBS Tutorial• 2017 SBS Enhancement Presentation slides• Administrative Support: [email protected]• NERC IT Support: https://support.nerc.net/• Standard Processes Manual• Appendix 3D – RBB Criteria• SBS Enhancements Webinar
![Page 32: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/32.jpg)
RELIABILITY | ACCOUNTABILITY11
![Page 33: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/33.jpg)
BreakWebinar participants: We will return at 3:15 p.m. Central
![Page 34: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/34.jpg)
Entity Registration Update
Ryan Stewart, NERC Manager of Registration Services2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 35: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/35.jpg)
2 RELIABILITY | ACCOUNTABILITY
Site Overview
![Page 36: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/36.jpg)
3 RELIABILITY | ACCOUNTABILITY
Portal CFR Landing Page
![Page 37: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/37.jpg)
4 RELIABILITY | ACCOUNTABILITY
CFR Landing Page
![Page 38: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/38.jpg)
5 RELIABILITY | ACCOUNTABILITY
CFR Record Dropdown Options
![Page 39: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/39.jpg)
6 RELIABILITY | ACCOUNTABILITY
Portal CFR Detailed View
![Page 40: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/40.jpg)
7 RELIABILITY | ACCOUNTABILITY
Portal CFR Detailed View
![Page 41: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/41.jpg)
8 RELIABILITY | ACCOUNTABILITY
Basic Information
![Page 42: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/42.jpg)
9 RELIABILITY | ACCOUNTABILITY
Basic Information
![Page 43: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/43.jpg)
10 RELIABILITY | ACCOUNTABILITY
View Matrix Snapshot
![Page 44: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/44.jpg)
11 RELIABILITY | ACCOUNTABILITY
Entity Contacts
![Page 45: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/45.jpg)
12 RELIABILITY | ACCOUNTABILITY
Choose Requirements
![Page 46: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/46.jpg)
13 RELIABILITY | ACCOUNTABILITY
Set Responsibilities
![Page 47: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/47.jpg)
14 RELIABILITY | ACCOUNTABILITY
Requirement Notes Modal
![Page 48: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/48.jpg)
15 RELIABILITY | ACCOUNTABILITY
Upload Documents
![Page 49: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/49.jpg)
16 RELIABILITY | ACCOUNTABILITY
Submit CFR
![Page 50: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/50.jpg)
17 RELIABILITY | ACCOUNTABILITY
CRM CFR Landing Page
![Page 51: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/51.jpg)
18 RELIABILITY | ACCOUNTABILITY
Regional CFR Summary View
![Page 52: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/52.jpg)
19 RELIABILITY | ACCOUNTABILITY
CFR Matrix View
![Page 53: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/53.jpg)
20 RELIABILITY | ACCOUNTABILITY
NERC CFR Detailed View
![Page 54: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/54.jpg)
21 RELIABILITY | ACCOUNTABILITY
Reporting
![Page 55: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/55.jpg)
22 RELIABILITY | ACCOUNTABILITY
Downloadable CFR Matrix
![Page 56: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/56.jpg)
23 RELIABILITY | ACCOUNTABILITY
![Page 57: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/57.jpg)
Cyber Security Supply Chain Risk ManagementSoo Jin Kim, NERC Manager of Standards Development2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 58: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/58.jpg)
RELIABILITY | ACCOUNTABILITY2
[the Commission directs] that NERC, pursuant to section 215(d)(5) of the FPA, develop a forward-looking, objective-driven new or modified Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations.
- Order No. 829, July 2016
• Standard(s) must be filed by September 27, 2017
FERC Order No. 829
![Page 59: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/59.jpg)
RELIABILITY | ACCOUNTABILITY3
• First formal comment period January 20 – March 6, 2017
• Second formal comment period May 2 – June 15, 2017
Standards Development Process
Oct 2016 – Mar 2017Tech Conference1st Formal Balloting
May 20172nd Formal Comment
and Balloting
July 2017Final BallotsAugust 2017
NERC Board Adoption
September 2017Deadline for filing
![Page 60: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/60.jpg)
RELIABILITY | ACCOUNTABILITY4
June Ballot Results
Ballots Non-binding Polls
Name Approval Supportive Opinions
CIP-005-6 89.84% 88.53%
CIP-010-3 82.92% 88.02%
CIP-013-1 88.64% 89.57%
![Page 61: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/61.jpg)
RELIABILITY | ACCOUNTABILITY5
• Standard drafting team (SDT) did not make substantive changes to requirements
Clarifications• CIP-013-1 Requirement R1 Part 1.2.4 Disclosure by vendors of known vulnerabilities related to the products or
services provided to the Responsible Entity
• CIP-010-3 Requirement R1 Part 1.6 Prior to a change that deviates from the existing baseline
configuration…verify software identity and integrity. Measure revised to include evidence of automated update process
• Updated CIP-010-3 Guidelines and Technical Basis section
Final Ballot
![Page 62: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/62.jpg)
RELIABILITY | ACCOUNTABILITY6
Common questions addressed by the SDT• CIP-013-1 Requirements to address software verifications and
vendor remote access are not duplicative of CIP-010/CIP-005 Procurement versus Operational
• CIP-005-6 Requirements for vendor remote access do not require session recording
• CIP-010-3 Requirements for software verifications apply to baseline changes only (do not apply to new system installation)
• Software verifications do not need to be repeated for each BES Cyber System
Comment Responses
![Page 63: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/63.jpg)
RELIABILITY | ACCOUNTABILITY7
• Implementation Guidance developed by the SDT has been endorsed by the ERO Enterprise
• Provides examples of approaches for complying with CIP-013-1 Risk-based approach to Cyber Security Supply Chain Risk Management
plans (R1) Processes for planning to procure BES Cyber Systems that identify and
assess cyber security risks from vendor products or services (R1 Part 1.1) Request-for-proposal or negotiation provisions to address topics in R1 Part
1.2.1 – 1.2.6 Processes for periodically reviewing and approving plans (R3)
Implementation Guidance
![Page 64: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/64.jpg)
RELIABILITY | ACCOUNTABILITY8
• Standards will be submitted for the August 10, 2017 NERC Board of Trustees meeting
• FERC Order No. 830 filing deadline is September 27, 2017• After filing, priority shifts to development of a comprehensive
strategy for implementation (pending regulatory approval)
Next Steps
![Page 65: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/65.jpg)
RELIABILITY | ACCOUNTABILITY9
Contact Information
• Refer to the Project 2016-03 page for more information• Email [email protected] to join the email list• Corey Sellers, Southern Company, SDT Chair Email at [email protected]
• JoAnn Murphy, PJM Interconnection, SDT Vice Chair Email at [email protected]
![Page 66: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/66.jpg)
RELIABILITY | ACCOUNTABILITY10
![Page 67: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/67.jpg)
Coordinated Oversight Program for Multi-Region Registered EntitiesKim Israelsson, Manager, Compliance Program Coordination and Process Integration, WECC2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 68: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/68.jpg)
RELIABILITY | ACCOUNTABILITY2
• Program objective and benefits• Inclusion criteria• Participation requests• 2016 participant survey feedback • Program enhancements• Current participation• ERO Enterprise contacts
Agenda
![Page 69: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/69.jpg)
RELIABILITY | ACCOUNTABILITY3
• Focus on risk to reliability, while improving: Efficiencyo Single point of contacto Streamlining processes
Consistencyo Compliance Monitoring and Enforcement Program (CMEP) activitieso Organization Registration and Certification Program (ORCP) activitieso Reporting requirements and tools
Objective
![Page 70: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/70.jpg)
RELIABILITY | ACCOUNTABILITY4
• Lead Regional Entity (LRE) and Affected Regional Entities (ARE) coordinated to provide: Single point of contact for CMEP, ORCP, and other activities Centralized monitoring, enforcement, and reporting
Benefits of Coordinated Oversight for MRREs
![Page 71: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/71.jpg)
RELIABILITY | ACCOUNTABILITY5
• Registered Entity Operates in or owns assets in two or more Regional Entity(ies) jurisdictions Verifies its Primary Compliance Contact (PCC), Authorizing Officer (AO), or
Primary Compliance Officer (PCO) contact information is accurate prior to submitting request for inclusion
Designates a PCC
Criteria for Inclusion in Coordinated Oversight Program
![Page 72: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/72.jpg)
RELIABILITY | ACCOUNTABILITY6
• PCC, AO, or PCO submits initial request to designated NERC or Regional Entity MRRE coordinated oversight contacts
• Requests may include the following information: Registered Entity name(s) NERC Compliance Registry (NCR) Number(s) to be included Applicable Regional Entities Applicable registered functions PCC information for MRRE Description of registered entity(ies) compliance program Description of facilities
Participation Request Process
![Page 73: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/73.jpg)
RELIABILITY | ACCOUNTABILITY7
• Survey sent to 40 MRREs in Coordinated Oversight Program in June 2016 Responses received from all 40 MRREs
• Survey requested feedback on: Implementation and streamlining of activities LRE and ARE coordination Overall satisfaction
• General Comments 97% of MRREs support continued participation 84% of the MRREs believe it fulfills the objectives
2016 Participant Survey
![Page 74: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/74.jpg)
RELIABILITY | ACCOUNTABILITY8
• “The MRRE program has been a welcome enhancement for our compliance efforts.”
• “Overall, it has been a very positive experience for our organization.”
• “The MRRE program has been extremely successful in streamlining processes and more effectively utilizing resources.”
• “Entity’s assessment at this early stage is “so far, so good.” We have no suggestions for improvement at present. The program has been quite beneficial for us.”
Participant Survey – Value Statements
![Page 75: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/75.jpg)
RELIABILITY | ACCOUNTABILITY9
• Inherent Risk Assessments (IRA)• Data systems and portals for data collection Technical Feasibility Exceptions (TFEs) submittals Periodic Data Submittals
• Communication Information about process and what to expect Guidance on changes to registered entity assets and potential impacts on
program participation
Participant Survey – Improvement Opportunities
![Page 76: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/76.jpg)
RELIABILITY | ACCOUNTABILITY10
• 2017 enhancements Developed and publically posted an ERO Enterprise consolidated 2017
Periodic Data Submittal schedule Developed internal, ERO Enterprise procedures to address roles,
responsibilities, and processes Developed ERO Enterprise templates Conducted ERO Enterprise staff training
• Ongoing enhancements TFE submittals Communication and transparency of processes Maintain list of Frequently Asked Questions
• 2017 Participant Survey• 2017 outreach (e.g., Fall industry webinar)
Program Enhancements
![Page 77: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/77.jpg)
RELIABILITY | ACCOUNTABILITY11
MRRE – Regional Breakdown*
MRO 12%
NPCC 1%
RF 16%
SERC 11%
SPP RE 10%
Texas RE44%
WECC 6%
*As of Q1 2017.
![Page 78: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/78.jpg)
RELIABILITY | ACCOUNTABILITY12
MRRE – Distribution by Registered Function
2330
166155
11 6
32
6
39 35 32
140
20
40
60
80
100
120
140
160
180
BA DP GO GOP PA RC RP RSG TO TOP TP TSP
Num
ber o
f Ent
ities
Reg
iste
red
by
Regi
ster
ed F
unct
ion
*As of Q1 2017.
![Page 79: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/79.jpg)
RELIABILITY | ACCOUNTABILITY13
Team Members Contact Information
• Scott Knewasser - FRCC• Sara Patrick - MRO• Stanley Kopman - NPCC• Megan Gambrel - RF• Todd Curl - SERC• Jim Williams – SPP RE• Bill Lewis – Texas RE• Kim Israelsson - WECC• Barb Nutter - NERC
• [email protected]• [email protected]• [email protected]• [email protected]• [email protected]• [email protected]• [email protected]• [email protected]• [email protected]
Designated NERC/Regional Entity MRRE Coordinated Oversight Contacts
For questions, please contact a designated NERC/Regional Entity MRRE contact for assistance
![Page 80: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/80.jpg)
RELIABILITY | ACCOUNTABILITY14
![Page 81: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/81.jpg)
Inherent Risk Assessments
Kiel Lyons, Manager, Grid Planning and Operations Assurance2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 82: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/82.jpg)
RELIABILITY | ACCOUNTABILITY2
Risk-based CMEP
![Page 83: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/83.jpg)
RELIABILITY | ACCOUNTABILITY3
• Inherent Risk Assessment (IRA) process end goal is entity-specific Compliance Oversight Plans (COPs) Functions performed Assets owned or operated Location
• 18 common Electric Reliability Organization (ERO) risk factors and criteria Common criteria established, with regional flexibility provided
• Other considerations Entity performance data (e.g., misoperations, event analysis) Compliance history Knowledge of the entity (e.g., internal controls) Risk Elements
What is an IRA?
![Page 84: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/84.jpg)
RELIABILITY | ACCOUNTABILITY4
• How considerations impact monitoring of inherent risk• Development of Compliance Oversight Plans (COPs) Reliability Standards and requirements for compliance monitoring Compliance monitoring tools (i.e., CMEP Tools) Interval of compliance monitoring
Output of IRA
![Page 85: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/85.jpg)
RELIABILITY | ACCOUNTABILITY5
• Guide for Compliance Monitoring http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/ERO%20Enterprise%2
0Guide%20for%20Compliance%20Monitoring.pdf
Resources
![Page 86: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/86.jpg)
RELIABILITY | ACCOUNTABILITY6
![Page 87: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/87.jpg)
Compliance Guidance
Kiel Lyons, Manager, Grid Planning and Operations Assurance2017 Standards and Compliance WorkshopJuly 11, 2017
![Page 88: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/88.jpg)
RELIABILITY | ACCOUNTABILITY8
• Compliance Guidance Policy• Types of Guidance• Pre-Qualified Organizations• Endorsement Process• Current Guidance• Website• Resources• Key Take-Aways
Overview
![Page 89: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/89.jpg)
RELIABILITY | ACCOUNTABILITY9
Principles• Cannot change scope of Reliability Standard• May be developed concurrently with Reliability Standard• Should not conflict• Should be developed collaboratively• Not only way to comply• Additional Considerations: Finite and limited set Related guidance in one location Consider revising standard Apply professional judgment Feedback loops
Compliance Guidance Policy
![Page 90: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/90.jpg)
RELIABILITY | ACCOUNTABILITY10
Compliance Guidance
Implementation Guidance
CMEP Practice Guides
Types of Guidance
![Page 91: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/91.jpg)
RELIABILITY | ACCOUNTABILITY11
Implementation Guidance• Developed by industry, for industry• Examples or approaches One of several possible approaches
• Developed by: Standard Drafting Team (SDT)o Vetted by industry
Pre-Qualified Organizationo Endorsed by ERO Enterprise, with deference
Types of Guidance
![Page 92: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/92.jpg)
RELIABILITY | ACCOUNTABILITY12
• CMEP Practice Guides Developed by ERO Enterprise, but may be initiated through a policy
discussion with industry Address how CMEP staff executes CMEP activitieso Possible considerations include the discretion to be applied, auditing practices,
risk assessment techniques, policies, and areas of focuso Not approaches to comply with standards
Uniform approaches that foster consistency across the ERO Enterprise Publically posted for transparency Apply professional judgment when evaluating methods or approaches not
identified in guidance
Types of Guidance
![Page 93: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/93.jpg)
RELIABILITY | ACCOUNTABILITY13
CMEP Practice Guides• Developed by ERO Enterprise, for ERO Enterprise May be initiated through industry discussions Publically posted
• ERO Enterprise CMEP staff approach Fosters consistency Possible considerations include the discretion to be applied, auditing
practices, risk assessment techniques, policies, and areas of focus
Types of Guidance
![Page 94: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/94.jpg)
RELIABILITY | ACCOUNTABILITY14
Approved by Compliance and Certification Committee (CCC) • The organization must: Be actively involved in NERC operations Have methods to assure technical rigor Possess ability to vet content
Pre-Qualified Organizations
![Page 95: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/95.jpg)
RELIABILITY | ACCOUNTABILITY15
Applicant applies with
the CCC
CCC Reviews Application
CCC notifies the applicant of approval
Applicant is added to Pre-
Qualified Organization
List
Pre-Qualified Organizations
Pre-Qualified Organization Application Process
![Page 96: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/96.jpg)
RELIABILITY | ACCOUNTABILITY16
• Standard Drafting Team (SDT) Identifies examples Reviews existing guidance
• Examples vetted by industry• Decision to submit for ERO Enterprise endorsement made by: Project Management and Oversight Subcommittee (PMOS) liaison and NERC Standards Developer submit for ERO Enterprise endorsement
• May not submit guidance after standard is approved Must be submitted by Pre-Qualified Organization
Pre-Qualified Organizations
![Page 97: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/97.jpg)
RELIABILITY | ACCOUNTABILITY17
Endorsement of Implementation Guidance• Pre-Qualified Organization or SDT submit proposed guidance Email to [email protected] Include Implementation Guidance Submittal Form
• NERC Acknowledges receipt Posts proposed guidance Distributes to ERO SME
• ERO endorses or declines to endorse• Publicly posted Non-Endorsed noted in spreadsheet
Endorsement Process
![Page 98: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/98.jpg)
RELIABILITY | ACCOUNTABILITY18
• Implementation Guidance Under Development/Consideration CEIWG - Voice Communications in a CIP Environment (VOIP in Control
Centers) CEIWG - Shared Facilities (CIP) CEIWG - NRC Employee Access and CIP-004 Personnel Risk Assessment NATF - TPL-001-5 NATF - CIP-010-2 Transient Cyber Assets NATF - CIP-014-2, R4 and R5 NEI - PRC-024-2, R1, R2, and R3 WICF - CIP-010-5 R1 Part 1.1.4 - Netstat baseline for Ports and Services WICF - MOD-025/MOD-026 - Manufacture curve/data is not available
Current Guidance
![Page 99: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/99.jpg)
RELIABILITY | ACCOUNTABILITY19
Website
![Page 100: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/100.jpg)
RELIABILITY | ACCOUNTABILITY20
Website
![Page 101: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/101.jpg)
RELIABILITY | ACCOUNTABILITY21
Website
![Page 102: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/102.jpg)
RELIABILITY | ACCOUNTABILITY22
Website
![Page 103: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/103.jpg)
RELIABILITY | ACCOUNTABILITY23
• Compliance Guidance web page http://www.nerc.com/pa/comp/guidance/Pages/default.aspx
• Compliance Guidance Policy http://www.nerc.com/pa/comp/Resources/ResourcesDL/Compliance_Guidance_Policy_FINA
L_Board_Accepted_Nov_5_2015.pdf
• How to Submit Proposed Guidance http://www.nerc.com/pa/comp/guidance/Documents/Pre-
qualified_org_submittal_with_form.pdf
Resources
![Page 104: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/104.jpg)
RELIABILITY | ACCOUNTABILITY24
• Pre-Qualified Organization list http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified%20organizations.pdf
• Procedure to Become a Pre-qualified Organization http://www.nerc.com/comm/CCC/Related%20Files%202013/Final%20CCCPP-
011_May_BOTCC_updated.pdf
• Pre-Qualified Organization Application http://www.nerc.com/pa/comp/guidance/Documents/Application_Pre-
Qualified_Organization.pdf
Resources
![Page 105: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/105.jpg)
RELIABILITY | ACCOUNTABILITY25
• Implementation Guidance is one approach an entity may take to meet its obligations Are developed and vetted by industry Are endorsed/not endorsed by the ERO Enterprise
• CMEP Practices Guides Developed by, and for the ERO Enterprise
• Industry Webinar held May 31, 2017 https://cc.readytalk.com/cc/playback/Playback.do?id=2iu36n
• Lessons Learned Reference Sheet under development Industry will be notified when available
Key Takeaways
![Page 106: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/106.jpg)
RELIABILITY | ACCOUNTABILITY26
![Page 107: Welcome! [] 1 Presentation.pdf · Welcome! NERC 2017 Standards and Compliance Workshop. JW Marriott New Orleans. July 11-12, 2017](https://reader033.fdocuments.us/reader033/viewer/2022042306/5ed1b1458885c9544e6bcc1d/html5/thumbnails/107.jpg)
RELIABILITY | ACCOUNTABILITY1